[secdir] Review of draft-ietf-tsvwg-dtls-for-sctp-05
Catherine Meadows <catherine.meadows@nrl.navy.mil> Thu, 03 June 2010 22:11 UTC
Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F37F93A68ED; Thu, 3 Jun 2010 15:11:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.091
X-Spam-Level:
X-Spam-Status: No, score=-0.091 tagged_above=-999 required=5 tests=[AWL=0.093, BAYES_40=-0.185, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fas0XZMn4pc2; Thu, 3 Jun 2010 15:11:22 -0700 (PDT)
Received: from fw5540.nrl.navy.mil (fw5540.nrl.navy.mil [132.250.196.100]) by core3.amsl.com (Postfix) with ESMTP id F215B28C122; Thu, 3 Jun 2010 15:11:21 -0700 (PDT)
Received: from chacs.nrl.navy.mil (sun1.fw5540.net [10.0.0.11]) by fw5540.nrl.navy.mil (8.13.8/8.13.6) with ESMTP id o53MAvaA022308; Thu, 3 Jun 2010 18:10:57 -0400 (EDT)
Received: from chacs.nrl.navy.mil (sun1 [10.0.0.11]) by chacs.nrl.navy.mil (8.13.8/8.13.6) with SMTP id o53MAt3S026217; Thu, 3 Jun 2010 18:10:55 -0400 (EDT)
Received: from siduri.fw5540.net ([10.0.3.73]) by chacs.nrl.navy.mil (SMSSMTP 4.1.16.48) with SMTP id M2010060318105417144 ; Thu, 03 Jun 2010 18:10:54 -0400
From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
Content-Type: multipart/alternative; boundary="Apple-Mail-7-943336534"
Date: Thu, 03 Jun 2010 18:14:39 -0400
Message-Id: <4C4B3C19-EC89-460B-A248-B90BBC5D5BB8@nrl.navy.mil>
To: secdir@ietf.org, iesg@ietf.org, gorry@erg.abdn.ac.uk, tuexen@fh-muenster.de, seggelmann@fh-muenster.de, ekr@networkresonance.com
Mime-Version: 1.0 (Apple Message framework v1078)
X-Mailer: Apple Mail (2.1078)
Subject: [secdir] Review of draft-ietf-tsvwg-dtls-for-sctp-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Jun 2010 22:11:24 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes the usage of the Datagram Transport Layer Security (DTLS) protocol over the Stream Control Transmission Protocol (SCTP). Most of the document deals with the different DTLS features, that must, must not, may, or should be used in this case. I don't see any security issues other than the one the authors have already noted, that is, that certain information is unavoidably sent in the clear because it is in the header, and security decisions should not be made when certificates based on IP-addresses are used, since SCTP associations use multiple addresses per SCTP endpoint. Thus, I have no further comments to make. Catherine Meadows Naval Research Laboratory Code 5543 4555 Overlook Ave., S.W. Washington DC, 20375 phone: 202-767-3490 fax: 202-404-7942 email: catherine.meadows@nrl.navy.mil
- [secdir] Review of draft-ietf-tsvwg-dtls-for-sctp… Catherine Meadows